From: "'Antoine Poinsot' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Public disclosure of 4 Bitcoin Core security advisories
Date: Fri, 24 Oct 2025 15:53:15 +0000
Message-ID: <I5lwexjm1EkKFZpV4_A4b6XvYXvIGjJZ3UpYhfzeC4rXmnNDVQ0Mob4X1We1hmWaisx_0ZSNn6BKH99kfig6rTChHbsCPMZBk2k0ua1E8Ng=@protonmail.com>

Hi everyone,

In accordance with our security disclosure policy, I am sharing today four advisories for
*low-severity* security vulnerabilities fixed in Bitcoin Core version 30.0.

Two weeks ago we pre-announced that we would release advisories for five low-severity
vulnerabilities. One of these has since been promoted to medium severity, and its public
disclosure has therefore been rescheduled in accordance with our policy.

The four vulnerabilities publicly disclosed today are the following:
- CVE-2025-54604: Disk filling from spoofed self connections [0]
- CVE-2025-54605: Disk filling from invalid blocks [1]
- CVE-2025-46597: Highly unlikely remote crash on 32-bit systems [2]
- CVE-2025-46598: CPU DoS from unconfirmed transaction processing [3]

The fixes for CVE-2025-54604, CVE-2025-54605 and CVE-2025-46597 are also included in Bitcoin Core
version 29.1 and later minor releases. Thanks to Eugene Siegel, Niklas Goegge and Pieter Wuille for
reporting these issues and to everyone involved in fixing them.

Our disclosure policy as well as previously disclosed vulnerabilities are available on the Bitcoin
Core website at [4].

Antoine Poinsot

[0]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54604/
[1]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54605/
[2]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/
[3]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46598/
[4]: https://bitcoincore.org/en/security-advisories/